package com.rm.zeyou.filter;


import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Value;

import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

/**
 * 启动类添加
 *  @ServletComponentScan(basePackages = {"com.rm.zeyou.filter"}) 注解
 * @author zhangmy
 * @date 2022/7/1 10:51
 * @description
 */
@Slf4j
@WebFilter(filterName = "xssFilter", urlPatterns = "/*", asyncSupported = true)
public class XssFilter implements Filter {

    /**
     * 忽略权限检查的url地址
     */
    @Value("${xss.excludeUrls}")
    private String excludeUrls;

    @Override
    public void doFilter(ServletRequest arg0, ServletResponse arg1, FilterChain arg2)
            throws IOException, ServletException {

        HttpServletRequest req = (HttpServletRequest) arg0;
        HttpServletResponse response = (HttpServletResponse) arg1;
        //获取请求你ip后的全部路径
        String uri = req.getRequestURI();
        //跳过不需要的Xss校验的地址
        for (String str : excludeUrls.split(",")) {
            if (uri.contains(str)) {
                arg2.doFilter(arg0, response);
                return;
            }
        }
        //注入xss过滤器实例
        XssHttpServletRequestWrapper reqW = new XssHttpServletRequestWrapper(req);
        //过滤
        arg2.doFilter(reqW, response);
    }

    @Override
    public void destroy() {
        log.info("xss 过滤器销毁");
    }

    @Override
    public void init(FilterConfig filterConfig1) throws ServletException {
        log.info("xss 过滤器载入");
    }
}